[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: Suspicious File found by chkrootkit

On Sunday 09 April 2006 04:54, Rick Friedman wrote:
> I run chkrootkit daily. Today it has found a file it calls, "suspicious".
> The file is a zero byte, hidden file. The path is
> /usr/lib/xulrunner/.autoreg
>
> After seeing this warning, I also ran rkhunter (rootkit hunter). The
> report from rkhunter comes up clean. It does not flag the .autoreg file
> (or any file for that matter).
>
> I am running sid and I believe that the .autoreg file may come from the
> libxul0d package.
>
> Is this a legitimate file or something I should be concerned about? I
> tend to think chkrootkit flagged it simply because it's hidden and zero
> bytes. I don't think it's really a threat but I want to make certain.
>
> Any help is appreciated. Thanks.
>
> Rick

I am running a 5-day old sid installation and have this .autoreg file, as 
well.  I couldn't find any other information online regarding this file, 
but seeing as how the file's mtime is a few seconds after the other file's 
mtimes, this file was probably generated when some package was configured, 
most likely libxul0d.

Adam

-- 
"Pulling together is the aim of despotism and tyranny.
 Free men pull in all kinds of directions."
                           Terry Pratchett, The Truth
Reply to: